Secret material exchange and authentication cryptography operations

ABSTRACT

Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims priority to PCT Application No. PCT/US2019/041871, filed on Jul. 15, 2019, and titled “SECRET MATERIAL EXCHANGE AND AUTHENTICATION CRYPTOGRAPHY OPERATIONS,” which is hereby incorporated by reference in its entirety for all purposes.

BACKGROUND

Cryptography is related to the study of protocols, techniques, and approaches that prevent third parties from accessing, reading, and/or interpreting secret data. Cryptography can be applied to various processes in information security, such as data integrity and encryption, confidentiality, authentication, verification, and non-repudiation. Thus, cryptography has several applications in various fields, including data encryption and privacy, computer network communications and transaction processing, and computing system security and integrity.

Modern cryptography often relies upon computational hardness in mathematical theory. In other words, it might be theoretically possible to break certain cryptographic systems, but the time required to do so makes such cryptographic-defeating processes intractable. Typically, computationally-secure cryptography processes are preferable to those which are easier to defeat. At the same time, however, computationally-secure cryptography processes might be more computationally-intensive to implement and, thus, more time consuming and costly. In that context, although some cryptographic processes, such as a one time pad, cannot be broken or defeated even with unlimited computing power, those schemes are more difficult to implement than a good, theoretically-breakable but computationally secure approach. As such, modern computing devices may exchange secret data using cryptographic processes having security problems (e.g., the processes are susceptible to brute force attack). At the same time, those cryptographic processes may be resource intensive (e.g., the processes are computationally-intensive to implement).

BRIEF DESCRIPTION OF THE DRAWINGS

Many aspects of the present disclosure can be better understood with reference to the following drawings. The components in the drawings are not necessarily to scale, with emphasis instead being placed upon clearly illustrating the principles of the disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views.

FIG. 1 illustrates a process of secret text transfer using asymmetric keys.

FIG. 2 illustrates a representative process of secret key transfer using cryptography processes according to various embodiments described herein.

FIG. 3A illustrates an example distribution function of variables resulting from the white noise associative cryptography key operations according to various embodiments described herein.

FIG. 3B illustrates example probability distribution functions of variables resulting from the white noise associative cryptography key operations according to various embodiments described herein.

FIG. 4 illustrates example user interfaces of a program to perform cryptography key operations according to various embodiments described herein.

FIG. 5 illustrates a more particular example of a secret key transfer process according to the concepts described herein.

FIG. 6 illustrates an example of a secret key transfer process using authentication according to the concepts described herein.

DETAILED DESCRIPTION

As noted above, cryptography is related to the study of protocols, techniques, and approaches that prevent third parties from accessing, reading, and/or interpreting secret data. In the context of cryptography, the Rivest-Shamir-Adleman (RSA) cryptosystem, elliptic curve cryptography (ECC) cryptosystem, and other asymmetrical (and symmetrical) methods of secure key exchange have security problems. Those cryptosystems are based on complexity and can, theoretically, be decrypted.

In contrast to the RSA, ECC, and other cryptosystems, the cryptographic processes described herein is more immune to cryptanalysis and permits the sharing of secret data, such as symmetric keys and other secret data, over public networks. The cryptographic system can also be used for authentication. No known methods of traditional or quantum computing can be used to circumvent the cryptographic approaches described herein. The cryptographic system described herein was developed to achieve a number of goals including (1) securely exchanging cryptographic keys over public networks, (2) information ciphering, authentication, and (4) encryption for public networks that is secure against standard and quantum computing.

In the context described herein, white noise can be defined as (or can include) a sequence of independent random variables (e.g., discrete numbers) with a uniform probability distribution. Polynomial white noise can be defined as (or can include) a sequence of polynomial function values composed by independent random variables (e.g., discrete numbers) with a uniform probability distribution.

No known algorithm can decrypt the operations described herein due, at least in part, to the use of white noise randomization. The unknown independent variables appear to third parties as random white noise and, thus, there is no correlation between those variables and any information being transferred. As one example, the key exchange method or process described herein can be shown as an exchange of matrices with a corresponding number of different unknown independent variables and visible values. The number of unknown independent variables always exceeds the number of visible independent values in any combination of subsets of matrices. Further, the number of unknown variables exceeds the number of publically visible polynomial functions. Additionally, no inverse polynomial functions can be determined without information about the secret key—even if the plain text of the secret key is known by a third party.

Turning to the drawings, FIG. 1 illustrates a process of secret text transfer using asymmetric keys. In the example shown in FIG. 1 , Alice wishes to communicate secret text to Bob over a public network, such as the Internet, and Eve is the eavesdropper. To communicate the secret text, which can be a symmetric key or any other secret information, Alice and Bob use asymmetric cryptography. Asymmetric cryptography relies upon a key pair including a public key that can be disseminated to third parties (e.g., Alice) and a private key which is kept private (e.g., by Bob). In an asymmetric cryptography system, any person can encrypt a message using the public key, and that encrypted message can only be decrypted using the private key. The strength of asymmetric cryptography relies on the degree of difficulty (e.g., computational impracticality) for a private key to be determined from its associated public key. Asymmetric cryptography also depends on keeping the private key private.

Referring back to FIG. 1 , Alice obtains a copy of a public key from Bob (or any other source). Alice encrypts the secret text using the public key to produce the encrypted secret text and communicates it to Bob over the public network. Bob then decrypts the encrypted secret text using the private key to obtain the secret key. Over the public network, Eve can only see the encrypted secret text. Even if Eve obtains a copy of the encrypted secret text and the public key used to create it, Eve cannot obtain the secret text from the encrypted secret text using the public key. Instead, only the private key, which is securely held and protected by Bob, can be used to decrypt the encrypted secret text to obtain the secret text from Alice.

There are drawbacks and limitations to using asymmetric cryptography. For example, it is algorithmically possible to estimate (or determine) the private key in a key pair from the publicly available public key. Additionally, asymmetric key pairs are relatively difficult and time consuming to create, typically depending upon the identification of large prime numbers. Further, asymmetric cryptography can be vulnerable in that it may produce the same predictable encrypted output when the same secret text is encrypted.

To be distinguished from other cryptographic systems, various cryptography processes or operations are described herein. In one embodiment, a first cryptographic function is applied to secret data. The first cryptographic function operates as a type of cryptographic key and encrypts or ciphers the secret data to produce a first encrypted result. The first encrypted result can be securely transmitted by a first device to a second device. The second device then applies a second cryptographic function to the first encrypted result. Similar to the first cryptographic function, the second cryptographic function operates as a cryptographic key and further (or doubly) encrypts or ciphers the first encrypted result to produce a second (or doubly) encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data. The two different cryptographic functions can then be inversed or removed, in any order, to reveal the secret data.

Turning to the embodiments, FIG. 2 illustrates a representative process 20 of secret key transfer using cryptography processes according to various embodiments described herein. The process described below can be performed by any suitable computing device(s) including a processor and memory, without limitation. In the example shown in FIG. 2 , Alice wants to securely pass the secret key X to Bob over a public network. To do so, Alice should first encrypt the secret key X before sending it to Bob.

To encrypt the secret key X, Alice holds a first cryptographic function F_(k). In various embodiments, the cryptographic function F_(A) can be embodied as any suitable mathematical function having an inverse which cannot be determined without knowledge of a certain set of parameters of the mathematical function. In one embodiment, the function F_(A) can be embodied as a polynomial function or multivariate polynomial function defined in part by one or more variables, combinations of variables, combinations of variables at various powers, and coefficients. To undo or unlock (e.g., decrypt) the effect of the cryptographic function F_(A), Alice also holds a first inverse cryptographic function F⁻¹A.

To start, at step 202, the process 20 includes Alice generating, with a first computing device, a first random lock X_(A). The first random lock X_(A) can be embodied as an array or vector of random scalar integers, for example, or another suitable organized structure of random numbers. In the process 20, the first random lock X_(A) can operate as a type of initialization vector upon which the cryptographic function F_(A) is applied in combination with the secret key X. For example, the first random lock X_(A) helps to randomize the application of the cryptographic function F_(A) creating, in effect, a new random cryptographic function F_(A) for each different random lock X_(A). In that context, the first random lock X₄ helps to achieve semantic security, so that repeated usage of the cryptographic function F_(A) with the same operand does not produce the same ciphered result and does not allow an attacker to infer any information.

At step 204, the process 20 includes Alice applying, with the first computing device, the first cryptographic function F_(A) to a combination of the secret key X and the first random lock X_(A) to produce a first encrypted result R₁. Here, Alice's secret key X, which can include letters, numbers, American Standard Code for Information Interchange (ASCII) characters, etc., is ciphered with random numbers (i.e., the first random lock X_(A)) using the cryptographic operation or function F_(A). The cryptographic function F_(A) can be embodied as any suitable mathematical function, such as a polynomial or multivariate polynomial function. For example, the cryptographic function F_(A) can be embodied as a polynomial function F(CX^(k)) of kth order written as:

$\begin{matrix} {{{F\left( {CX}^{k} \right)} = {\sum\limits_{i_{1} = 1}^{k}{\ldots{\sum\limits_{i_{2} = 1}^{k}{C\text{?}X\text{?}X_{i_{2}}\ldots X_{i_{2}}}}}}},} & (1) \end{matrix}$ ?indicates text missing or illegible when filed

where C_(i. . . k) are coefficients of the polynomial function F(CX^(k)), and X_(i . . . k) are combinations of the operand X, which can include a combination of a random lock and secret data.

Thus, at step 204, Alice's secret key X, which may include letters, numbers, American Standard Code for Information Interchange (ASCII) characters, etc., are ciphered with random numbers based on the first random lock X_(A) and the first cryptographic function F_(A). As an example, a distribution function of the variables in the results R₁, R₂, and R₃ is shown in FIG. 3A, and probability distribution functions of the variables in the results R₁, R₂, and R₃ is shown in FIG. 3B.

The structure of the polynomial function F(CX^(k)) and the coefficients can be known to others (although they generally are not) from the formalization of the algorithm. However, even if the structure of the polynomial function F and values of the coefficients C, k are known to a third party, the third party still cannot decrypt the transferred information.

At step 206, the process 20 includes Alice transmitting, with the first computing device, the first encrypted result R₁ to Bob's second computing device. At step 208, the process 20 includes Bob generating, with the second computing device, a second random lock X_(B). Similar to the first random lock X_(A), the second random lock X_(B) can be embodied as an array or vector of random scalar integers, for example, or another suitable organized structure of random numbers. In the process 20, the second random lock Xs can also operate as a type of initialization vector for the cryptographic function F_(B). For example, the second random lock X_(B) helps to randomize the application of Bob's cryptographic function F_(B) creating, in effect, a new random cryptographic function F_(B) for each different random lock_(XB). In that context, the second random lock X_(B) helps to achieve semantic security, so that repeated usage of the cryptographic function F_(B) with the same operand does not produce the same ciphered result and does not allow an attacker to infer any information.

At step 210, the process includes Bob applying, with the second computing device, Bob's cryptographic function F_(B) to a combination of the first encrypted result R₁ and the second random lock X_(B) to produce a second encrypted result R₂. Here, the first encrypted result R₁ (e.g., F_(A)(X,X_(A))) is (doubly) ciphered with random numbers (i.e., the second random lock X_(B)) using the cryptographic operation or function F_(B). The cryptographic function F_(B) can be embodied as any suitable mathematical function, such as a polynomial or multivariate polynomial function. For example, the cryptographic function F_(B) can be embodied as a polynomial function F(CX^(k)) of kth order according to that shown above in Equation (1).

At this point, Alice's secret key X has been encrypted or ciphered by two different cryptographic functions F_(A) and F_(B), each of them being sufficient to secure the secret key X from others. The two different cryptographic functions can then be inversed or removed, in any order, to reveal the secret key X. In other words, to decrypt the secret key X from the second encrypted result R₂ (i.e., to undo the effects of the cryptographic functions F_(A) and Fα) it is possible to either apply the inverse F¹ _(A) function to F_(A) or the inverse F¹ _(B) function to F_(B) first. Thus, according to one aspect of associative cryptography key operations described herein, the order in which the second encrypted result R₂ is applied to the inverse cryptographic functions F⁻¹ _(A) and F⁻¹ _(B). does not impact the results of the decryption of secret key X from the second encrypted result R₂. Further, any number of cryptographic functions to F₁ . . . F_(N) can be applied to encrypt secret data in any order to produce an encrypted result RN, and that encrypted result RN can be decrypted in any order using the inverse cryptographic functions F⁻¹ ₁ . . . F⁻¹ _(N).

At step 212, the process 20 includes Bob transmitting, with the second computing device, the second encrypted result R₂ to the first computing device. At step 214, the process 20 includes Alice applying, with the first computing device, the first inverse cryptographic function F⁻¹ _(A) to the second encrypted result R₂ to produce the result R₃. The first inverse cryptographic function F⁻¹ _(A) unlocks or removes the effect of both the first random lock X_(A) and the first cryptographic function F_(A). Thus, the result R₃ is what remains of the second encrypted result R₂ after the effect of the first random lock X_(A) and the first cryptographic function F_(A) are undone or unlocked (e.g., F_(B)(X,X_(B))). Thus the result R₃ is still encrypted, but only by Bob's second random lock X_(B) and the second cryptographic function F_(B), and the result R₃ can be securely transmitted over the public network.

At step 216, the process 20 includes Alice transmitting, with the first computing device, the result R₃ to the second computing device. Finally, at step 218, the process 20 includes Bob applying, with the second computing device, the second inverse cryptographic function F¹ _(B) to the result R₃ to arrive at the secret key X.

At the end of the process 20, the secret key X has been securely communicated from Alice to Bob. In contrast to the asymmetric key process described above with reference to FIG. 1 , key pairs are not used in the process 20.

The general idea embodied in the process 20 is based on certain features of the publically unknown vectors X and the publically available (potentially visible) vectors R. Particularly, the number of variables “n” of the vectors X {x₁, . . . , x_(n)} is always more than the number of variables “m” of the vectors R={r₁, . . . , r_(m)}, i.e., n>m. Thus, there are no known algorithms which give a definite decryption solution of the secret key X, based only on visible values of the vectors R in the public networks. From this point of view, the method is cryptanalysis resistant. To obtain the only solution x₁, . . . , x_(n) from the values r₁, . . . , r_(m) of the polynomial functions F_(A) and F_(B), the third party (e.g., outsider Eve) should have additional information about the structure of the random vectors X_(A) and X_(B), which are available for Alice and Bob only. For instance, from x₁+x₂+x₃=r₁, it is not possible for a third party to arrive at a single solution for x₁ with only the value of the variable r₁ being publically visible, because the additional information about the values of the variables x₂+x₃ are not known.

A comparison of the features of asymmetrical methods and the method described herein is give in Table 1 below.

TABLE 1 Public-Private Key Asymmetrical PWN Three Features (RSA, ECC) Pass Method Numbers Prime Numbers Any Random Numbers Time to Develop New Key Relatively Negligible More Costly Processing Time Relatively Negligible More Costly Inverse Function From Relatively Inverse Function Public Key Complex Does Not Exist Third Party Defeat Possible Never Public Network Output Constant, Random, For Constant Input predictable unpredictable

An example of the use of the method described herein is provided below. Using the method, plain text (as a letter or ASCII code of 256 numbers) is represented in ciphered text by three corresponding random numbers r₁, r₂ and r₃ which are calculated by a random generator. Table 2 shows an example of how the plain text “This is a plain text” appears in ciphered numbers.

TABLE 2 Plain text Ciphered text text r₁ r₂ r₃ T 0.001251 0.563585 0.003585 h 0.193304 0.808741 0.158307 i 0.585009 0.479873 0.28051  s 0.350291 0.895962 0.313555 0.82284  0.746605 0.614412 i 0.174108 0.858943 0.151801 s 0.710501 0.513535 0.363394 0.303995 0.014985 0.006167 a 0.091403 0.364452 0.035009 0.147313 0.165899 0.02575  p 0.988525 0.445692 0.438709 1 0.119083 0.004669  0.001204 i a  0.00891 1 0.37788 0.005292 i 0.531663 0.571184 0.303183 n 0.601764 0.607166 0.363988 0.166234 0.663045 0.113037 t 0.450789 0.352123 0.159469 e 0.057039 0.607685 0.037377 x 0.783319 0.802606 0.623152 t 0.519883 0.30195 0.157851

Uniform distribution is called “white noise” due to its informative features. For the letter ‘A’ (ASCII code 65), as one example, the random numbers may appear over the public net as r₁=0.001251, r₂=0.563585, r₃=0.560746 or r, =0.585009, r₂=0.479873, r₃=0.105796 and every time the random variables r₁, r₂, r₃ will be unpredictable. The correlation function between any two variables x and y is estimated as follows:

$\begin{matrix} {{{corr}\left( {x,y} \right)} = {\frac{\sum{\left( {x - \overset{\_}{x}} \right)\left( {y - \overset{\_}{y}} \right)}}{\sqrt{\sum{\left( {x - \overset{\_}{x}} \right)^{2}\left( {y - \overset{\_}{y}} \right)^{2}}}}.}} & (2) \end{matrix}$

The results of correlation function evaluation for pairs (r₁, r₂), (r₂, r₃) and (r₁, r₃) are given in Table 3 below.

TABLE 3 corr (r₁, r₂) corr (r₂, r₃) corr (r₁, r₃) −0.013927 −0.002873 −0.010771

The correlation is negligibly small, which means that ciphered information is encapsulated into white noise and is not analyzable by a third party. There are no known algorithms to decrypt the ciphered information without the encryption key.

In the approaches described herein, there are neither restrictions nor requirements on the encryption key number and length. All keys are equal in terms of crypt analysis resistance. Additionally, there are no correlations between the plain text and the ciphered random numbers (r₁, r₂, r₃), as the combinations of them are unpredictable. There are no known algorithms which can decrypt ciphered random numbers (r₁, r₂, r₃) into plain text without the key. There are no known algorithms which can recalculate the encryption key using visible ciphered random numbers (r₁, r₂, r₃) and visible plain text. There is no need for rotation of encryption keys if a physical, completely unpredictable random number generator is used. The series repetition period of real random numbers (r₁, r₂, r₃) is infinite.

Computational time needed to encrypt and decrypt data by the method described herein is significantly smaller than commonly used algorithms. Since the method uses polynomial functions, the transaction of numbers (or ASCII) should be controlled by calculation procedures. The analysis of 25,600,000 transactions demonstrates that the final error of the secret key value estimate does not exceed 0.001%. This means that, for example, the transaction of the letter ‘A,’ which is represented by the integer number 65 (ASCII), after all transformations from client to server could be calculated to be a number about 64.9999 (and depends in part on the random generator variables during the transaction).

A comparison of the features of a standard symmetrical method and the method described herein are given in Table 4 below.

TABLE 4 WNT One Pass Transaction Symmetrical (in combination with Three Features FIPS Pub 197 Pass Transaction) Encryption Key Rotation Must Have Not Needed Processing time Costly Negligible Security resistance Strong relation No Relation and key length Hack Costly Never (Potentially Impossible) Public net output for Constant, Random, constant input Predictable Unpredictable (without key rotation)

A computer program was developed to implement the method described herein. As shown in FIG. 4 , Alice securely sends her secret text “Hello bob” to Bob using the three pass transaction. In FIG. 4 , random values appear to a third party during the three pass transaction (specially shown in the blue box).

Among other benefits, the processes described herein can be used to achieve unbreakable (or nearly unbreakable) encryption over wireless, wired, and public networks, and against quantum computing attacks. It requires relatively little processing power for encrypting and decrypting and, thus, can be used for rapid verification and transactions. A practically limitless number of new keys can be generated on the fly. Thus, the keys can be changed on every transaction. Encryption and decryption can also occur on individual devices due to the high speed of encryption and low processing requirements. Further, there is no single point of compromise because every individual party has their own key. If a key is compromised, it is the one compromised and can be renewed or replaced.

An outline of various problems encountered and solutions that can be provided by the cryptographic systems described herein are given in Table 5 below.

TABLE 5 Problem Solution Establishing a secure Digital ID system in the cloud for and reliable ID for all processing Ids transactions ID system only used for registration and verification Information unhackable Having a secure payment Payment system using ID system that Email, internet banking, wireless eliminates fraud transaction Cryptocurrency that is Absolutely secure, stable, and secure and stable based on verifiable IDs Fast enough and secure Rapid trading and verification trading system for Trading exchanges connected to cryptocurrencies Exchange Mobile Payments Integrity over wireless signals and public net Transactions cannot be defrauded via screening or copying Key Management System Cloud key management service ID system to outsource all key management responsibilities People forget passwords Pass eliminates the use of and passwords are passwords using ID center a weak point in security

FIG. 5 illustrates a more particular example of a secret key transfer process 30 according to the concepts described herein. While an example using square matrices of a certain size is provided below, the concepts described herein can be extended to use with square matrices of any size. Further, although the example below is presented in certain cases as steps between “Alice” and “Bob,” the process is conducted by computing systems or devices.

At the outset, consider the key to be exchanged, K, as a sequence of m bytes, each including one of the ASCII codes from 0 to 255, as follows:

K={k ₁ ,k ₂ , . . . ,k _(m)},0≤k _(i)≤255.

For example, the key string “ABCD” can be presented as ASCII codes K={65, 66, 67, 68}. A sequence of real numbers X can then be defined as a transformation of the key numbers (i.e., k₁, k₂, k_(m)), which are integers, into real ones, as follows:

X=ϕ(K), ϕ:N ^(m) →R ^(m) and

X={x ₁ ,x ₂ , . . . ,x _(m) }, x _(i) ∈R.

The sequence of real numbers is put into set of second order square matrices, as follows:

$X = {{❘\begin{matrix} x_{1} & x_{2} \\ x_{3} & x_{4} \end{matrix}❘}\ldots{❘\begin{matrix} x_{m - 3} & x_{m - 2} \\ x_{m - 1} & x_{m} \end{matrix}❘}}$

If the number of real key numbers is not multiple of four, the last matrix is not fully filled in. In this case, the rest of the matrix members can be generated and added as any random numbers without influencing the algorithm.

Now, assume that Alice wants to pass the secret key K to Bob. For simplicity, however, consider one square matrix X, as follows:

$X = {❘\begin{matrix} x_{1} & x_{2} \\ x_{3} & x_{4} \end{matrix}❘}$

The matrix X decomposes into two singular matrices Z₁ and Z₂

X = Z₁Z₂, ${Z_{1} = {❘\begin{matrix} Z_{1} & Z_{2} \\ Z_{3} & \frac{Z_{2}Z_{3}}{Z_{1}} \end{matrix}❘}},{and}$ $Z_{2} = {❘\begin{matrix} Z_{4} & Z_{5} \\ Z_{6} & \frac{Z_{4}Z_{5}}{Z_{6}} \end{matrix}❘}$

At step 302, the process includes forming the matrix X as a singular matrix using a number of the real key numbers of the secret key K based on the following relationship x₄=x₂x₃/x₁. In that case, the inverse of matrix X, or X⁻¹, does not exist (see properties of singular matrices and matrix determinants in APPENDIX). In that case, the matrix X represents a portion of the secret key K, {k₁, k₂, k₃}.

As part of a first pass transaction, at step 302, the process further includes generating a uniformly distributed random matrices Y₁, Y₂ and inverse matrices Y₁ ⁻¹, Y₂ ⁻¹, as follows:

${Y_{1} = {❘\begin{matrix} y_{1} & y_{2} \\ y_{3} & y_{4} \end{matrix}❘}},$ ${Y_{1}^{- 1} = \frac{❘\begin{matrix} y_{4} & {- y_{2}} \\ {- y_{3}} & y_{1} \end{matrix}❘}{{y_{1}y_{4}} - {y_{2}y_{3}}}},{y_{i} \in R},{{y_{1}y_{4}} \neq {y_{2}y_{3}}},$ ${Y_{2} = {❘\begin{matrix} y_{5} & y_{6} \\ y_{7} & y_{8} \end{matrix}❘}},{and}$ ${Y_{2}^{- 1} = \frac{❘\begin{matrix} y_{8} & {- y_{6}} \\ {- y_{7}} & y_{5} \end{matrix}❘}{{y_{1}y_{4}} - {y_{2}y_{3}}}},{y_{i} \in R},{{y_{5}y_{8}} \neq {y_{6}{y_{7}.}}}$

At step 302, the process also includes generating uniformly distributed random centrosymmetric A₁, A₂, B₁, B₂, and inverse A₁ ⁻¹, A₂ ⁻¹, B₁ ⁻¹, B₂ ⁻¹ matrices as follows:

${A_{1} = {❘\begin{matrix} a_{1} & a_{2} \\ a_{2} & a_{1} \end{matrix}❘}},$ ${A_{2} = {❘\begin{matrix} a_{3} & a_{4} \\ a_{4} & a_{3} \end{matrix}❘}},$ ${A_{1}^{- 1} = \frac{❘\begin{matrix} a_{1} & {- a_{2}} \\ {- a_{2}} & a_{1} \end{matrix}❘}{a_{1}^{2} - a_{2}^{2}}},$ ${A_{2}^{- 1} = \frac{❘\begin{matrix} a_{3} & a_{4} \\ a_{4} & a_{3} \end{matrix}❘}{a_{3}^{2} - a_{4}^{2}}},{a_{i} \in R},{a_{1}^{2} \neq a_{2}^{2}},{a_{3}^{2} \neq a_{4}^{2}},$ ${B_{1} = {❘\begin{matrix} b_{1} & b_{2} \\ b_{2} & b_{1} \end{matrix}❘}},$ ${B_{2} = {❘\begin{matrix} b_{3} & b_{4} \\ b_{4} & b_{3} \end{matrix}❘}},$ ${B_{1}^{- 1} = \frac{❘\begin{matrix} b_{1} & {- b_{2}} \\ {- b_{2}} & b_{1} \end{matrix}❘}{b_{1}^{2} - b_{2}^{2}}},$ ${B_{2}^{- 1} = {❘\begin{matrix} b_{3} & b_{4} \\ b_{4} & b_{3} \end{matrix}❘}},{b_{i} \in R},{b_{1}^{2} \neq b_{2}^{2}},{b_{3}^{2} \neq {b_{4}^{2}.}}$

Centrosymmetric square matrices A and B are always of the form AB=BA.

At step 304, the process includes Alice generating and sending matrices M₁ and M₂ to Bob, as follows:

${M_{1} = {❘\begin{matrix} m_{1}^{(1)} & m_{2}^{(1)} \\ m_{3}^{(1)} & m_{4}^{(1)} \end{matrix}❘}},$ ${M_{2} = {❘\begin{matrix} m_{1}^{(2)} & m_{2}^{(2)} \\ m_{3}^{(2)} & m_{4}^{(2)} \end{matrix}❘}},$ ${M_{3} = {❘\begin{matrix} m_{1}^{(3)} & m_{2}^{(3)} \\ m_{3}^{(3)} & m_{4}^{(3)} \end{matrix}❘}},{and}$ $M_{4} = {{❘\begin{matrix} m_{1}^{(4)} & m_{2}^{(4)} \\ m_{3}^{(4)} & m_{4}^{(4)} \end{matrix}❘}.}$

which are generated according to the following calculations:

M ₁ =Y ₁ A ₁,  (3)

M ₂ =B ₁ Y ₁ ⁻¹ Z ₁,  (4)

M ₃ =Y ₂ A ₂, and  (5)

M ₄ =B ₂ Y ₂ ⁻¹ Z ₂.  (6)

Thus, at step 304, Alice sends to Bob fourteen publicly visible values (m₁ ⁽¹⁾, m₂ ⁽¹⁾, m₃ ⁽¹⁾, m₄ ⁽¹⁾, m₁ ⁽²⁾, m₂ ⁽²⁾, m₃ ⁽²⁾, m₁ ⁽³⁾, m₂ ⁽³⁾, m₃ ⁽³⁾, m₄ ⁽³⁾, m₁ ⁽⁴⁾, m₂ ⁽⁴⁾, m₃ ⁽⁴⁾) of matrices M₁, M₂, M₃ and M₄ that are calculated from twenty-two independent unknown (for the third party) variables (a₁, a₂, a₃, a₄, b₁, b₂, b₃, b₄, y₁, y₂, y₃, y₄, y₅, y₆, y₇, y₈, z₁, z₂, z₃, z₄, z₅, z₆) known by Alice only, as follows:

m₁⁽¹⁾ = a₁y₁ + a₂y₂, m₂⁽¹⁾ = a₂y₁ + a₁y₂, m₃⁽¹⁾ = a₁y₃ + a₂y₄, m₄⁽¹⁾ = a₂y₃ + a₁y₄, ${m_{1}^{(2)} = \frac{{b_{1}\left( {{x_{2}y_{4}} - {y_{2}x_{2}x_{3}/x_{1}}} \right)} + {b_{2}\left( {{y_{1}x_{2}x_{3}/x_{1}} - {x_{2}y_{3}}} \right)}}{{y_{1}y_{4}} - {y_{2}y_{3}}}},$ ${m_{2}^{(2)} = \frac{{b_{1}\left( {{x_{2}y_{4}} - {y_{2}x_{2}x_{3}/x_{1}}} \right)} + {b_{2}\left( {{y_{1}x_{2}x_{3}/x_{1}} - {x_{2}y_{3}}} \right)}}{{y_{1}y_{4}} - {y_{2}y_{3}}}},$ $m_{3}^{(2)} = \frac{{b_{2}\left( {{x_{1}y_{4}} - {x_{3}x_{3}y_{2}}} \right)} + {b_{1}\left( {{x_{3}y_{1}} - {x_{1}y_{3}}} \right)}}{{y_{1}y_{4}} - {y_{2}y_{3}}}$ m₁⁽³⁾ = a₃y₅ + a₄y₆, m₂⁽³⁾ = a₄y₅ + a₃y₆, m₃⁽³⁾ = a₃y₇ + a₄y₈, m₄⁽³⁾ = a₄y₇ + a₃y₈, ${m_{1}^{(4)} = \frac{{b_{3}\left( {{x_{4}y_{8}} - {x_{6}y_{6}}} \right)} + {b_{4}\left( {{x_{6}y_{5}} - {x_{4}y_{7}}} \right)}}{{y_{5}y_{4}} - {y_{6}y_{3}}}},$ ${m_{2}^{(4)} = \frac{{b_{3}\left( {{x_{5}y_{8}} - {y_{6}\frac{x_{5}x_{6}}{x_{4}}}} \right)} + {b_{4}\left( {{y_{5}\frac{x_{5}x_{6}}{x_{4}}} - {x_{5}y_{7}}} \right)}}{{y_{5}y_{4}} - {y_{6}y_{3}}}},{and}$ $m_{3}^{(4)} = {\frac{{b_{4}\left( {{x_{6}y_{8}} - {x_{6}y_{6}}} \right)} + {b_{3}\left( {{x_{6}y_{5}} - {x_{4}y_{7}}} \right)}}{{y_{5}y_{8}} - {y_{6}y_{7}}}.}$

The variable m₄ ⁽²⁾ and m₄ ⁽⁴⁾ of the singular matrices M₂ and M₂ are used as m₄ ⁽²⁾=m₂ ⁽²⁾m₃ ⁽²⁾/m₁ ⁽²⁾ and m₄ ⁽²⁾=m₂ ⁽²⁾m₃ ⁽²⁾/m₁ ⁽²⁾.

As a second pass transaction, at step 306, the process includes Bob receiving the M₁ and M₂ matrices from Alice. At step 306, the process includes generating uniformly distributed random centrosymmetric matrices C₁, C₂ and inverse C₁ ⁻¹, C₂ ⁻¹ matrices, as follows:

${C_{1} = {❘\begin{matrix} c_{1} & c_{2} \\ c_{2} & c_{1} \end{matrix}❘}},$ ${C_{2} = {❘\begin{matrix} c_{3} & c_{4} \\ c_{4} & c_{3} \end{matrix}❘}},$ ${C_{1}^{- 1} = \frac{❘\begin{matrix} c_{1} & {- c_{2}} \\ {- c_{2}} & c_{1} \end{matrix}❘}{c_{1}^{2} - c_{2}^{2}}},{c_{i} \in R},{c_{1}^{2} \neq c_{2}^{2}},{and}$ ${C_{2}^{- 1} = \frac{❘\begin{matrix} c_{3} & {- c_{4}} \\ {- c_{4}} & c_{3} \end{matrix}❘}{c_{3}^{2} - c_{4}^{2}}},{c_{i} \in R},{c_{3}^{2} \neq {c_{4}^{2}.}}$

The process at step 306 also includes generating uniformly distributed random matrices D and H, as follows:

${D = {❘\begin{matrix} d_{1} & d_{2} \\ d_{3} & d_{4} \end{matrix}❘}},{and}$ ${H = {❘\begin{matrix} h_{1} & h_{2} \\ h_{3} & h_{4} \end{matrix}❘}},d_{i},{h_{i} \in R},{{d_{1}d_{4}} \neq {d_{2}d_{3}}},{{h_{1}h_{4}} \neq {h_{2}{h_{3}.}}}$

The process at step 306 also includes generating corresponding inverse matrices a′ and H⁻¹, as follows:

${D^{- 1} = \frac{❘\begin{matrix} d_{1} & d_{2} \\ d_{3} & d_{4} \end{matrix}❘}{{d_{1}d_{4}} - {d_{2}d_{3}}}},{and}$ $H^{- 1} = {\frac{❘\begin{matrix} h_{1} & h_{2} \\ h_{3} & h_{4} \end{matrix}❘}{{h_{1}h_{4}} - {h_{2}h_{3}}}.}$

The process at step 306 also includes generating the matrices M₅, M₆, M₇ and M₈, as follows:

${M_{5} = {❘\begin{matrix} m_{1}^{(5)} & m_{2}^{(5)} \\ m_{3}^{(5)} & m_{4}^{(5)} \end{matrix}❘}},$ ${M_{6} = {❘\begin{matrix} m_{1}^{(6)} & m_{2}^{(6)} \\ m_{3}^{(6)} & m_{4}^{(6)} \end{matrix}❘}},$ ${M_{7} = {❘\begin{matrix} m_{1}^{(7)} & m_{2}^{(7)} \\ m_{3}^{(7)} & m_{4}^{(7)} \end{matrix}❘}},{and}$ $M_{8} = {❘\begin{matrix} m_{1}^{(8)} & m_{2}^{(8)} \\ m_{3}^{(8)} & m_{4}^{(8)} \end{matrix}❘}$

as a result of the following calculations:

M ₅ =DM ₁ C ₁ ⁻ =D ₁ Y ₁ A ₁ C ₁ ⁻,  (7)

M ₆ =C ₁ M ₂ E=C ₁ B ₁ Y ₁ ⁻ Z ₁ E,  (8)

M ₇ =E ⁻ M ₃ C ₂ ⁻ =E ⁻¹ YA ₂ C ₂ ⁻, and  (9)

M ₈ =C ₂ M ₄ H=C ₂ B ₂ Y ₂ ⁻ Z ₂ H.  (10)

At step 308, the process includes Bob sending to Alice fourteen publicly visible values (m₁ ⁽⁵⁾, m₂ ⁽⁵⁾, m₃ ⁽⁵⁾, m₄ ⁽⁵⁾, m₁ ⁽⁶⁾, m₂ ⁽⁶⁾, m₃ ⁽⁶⁾, m₁ ⁽⁷⁾, m₂ ⁽⁷⁾, m₃ ⁽⁷⁾, m₄ ⁽⁷⁾, m₁ ⁽⁸⁾, m₂ ⁽⁸⁾, m₃ ⁽⁸⁾ of matrices M₃ and M₄ that are calculated from sixteen independent unknown (for the third party) variables (c₁, c₂, c₃, c₄, d₁, d₂, d₃, d₄, e₁, e₂, e₃, e₄, h₁, h₂, h₃, h₄) which are known by Bob only, as follows:

${m_{1}^{(5)} = \frac{{c_{1}\left( {{d_{1}m_{1}^{(1)}} + {d_{2}m_{\text{?}}^{(1)}}} \right)} - {c_{3}\left( {{d_{1}m_{2}^{(1)}} + {d_{\text{?}}m_{4}^{(1)}}} \right)}}{c_{3}^{2} < c_{2}^{2}}},$ ${m_{2}^{(5)} = \frac{{\text{?}\left( {{d_{1}m_{2}^{(1)}} + {d_{2}m_{\text{?}}^{(\text{?})}}} \right)} - {c_{\text{?}}\left( {{d_{\text{?}}m_{1}^{(1)}} + {d_{\text{?}}m_{\text{?}}^{(1)}}} \right)}}{c_{\text{?}}^{2} < c_{\text{?}}^{2}}},$ ${m_{3}^{(5)} = \frac{{c_{1}\left( {{d_{\text{?}}m_{1}^{(\text{?})}} + {d_{\text{?}}m_{\text{?}}^{(\text{?})}}} \right)} - {c_{2}\left( {{d_{\text{?}}m_{2}^{(1)}} + {d_{\text{?}}m_{\text{?}}^{(\text{?})}}} \right)}}{c_{}^{2} < c_{}^{2}}},$ ${m_{4}^{(5)} = \frac{{c_{1}\left( {{d_{\text{?}}m_{2}^{(\text{?})}} + {d_{\text{?}}m_{4}^{(\text{?})}}} \right)} - {c_{2}\left( {{d_{\text{?}}m_{1}^{(1)}} + {d_{\text{?}}m_{3}^{(1)}}} \right)}}{c_{\text{?}}^{2} - c_{}^{2}}},$ m₁⁽⁶⁾ = (c₁m₁⁽²⁾ + c₂m₃⁽²⁾)e₁ + (c₁m₂⁽²⁾ + c₂m_(?)⁽²⁾)e_(?), m₂⁽⁶⁾ = (c₁m₁⁽²⁾ + c₂m₃⁽²⁾)e₂ + (c₁m₂⁽²⁾ + c₂m₄⁽²⁾)e₄, m₃⁽⁶⁾ = (c₂m₁⁽²⁾ + c₁m₃⁽²⁾)e₁ + (c₂m₂⁽²⁾ + c_(?)m₄⁽²⁾)e₃, m₄⁽⁶⁾ = m₂⁽⁶⁾m₃⁽⁶⁾/m₁⁽⁶⁾, ${m_{1}^{(7)} = \frac{{c_{3}\left( {{e_{4}m_{1}^{(\text{?})}} - {\text{?}m_{\text{?}}^{(\text{?})}}} \right)} - {c_{\text{?}}\left( {{e_{\text{?}}m_{2}^{(3)}} - {e_{\text{?}}m_{4}^{(3)}}} \right)}}{\left( {c_{\text{?}}^{2} - c_{\text{?}}^{\text{?}}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$ ${m_{2}^{(7)} = \frac{{c_{2}\left( {{c_{1}m_{2}^{(3)}} - {\text{?}m_{4}^{(3)}}} \right)} - {c_{\text{?}}\left( {{e_{\text{?}}m_{\text{?}}^{(\text{?})}} - {e_{\text{?}}m_{\text{?}}^{(\text{?})}}} \right)}}{\left( {c_{3}^{3} - c_{4}^{3}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$ ${m_{3}^{(7)} = \frac{{\text{?}\left( {{c_{\text{?}}m_{\text{?}}^{(3)}} - {\text{?}m_{1}^{(3)}}} \right)} - {c_{\text{?}}\left( {{e_{\text{?}}m_{\text{?}}^{(3)}} - {e_{\text{?}}m_{2}^{(3)}}} \right)}}{\left( {c_{3}^{2} - c_{4}^{2}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$ ${m_{4}^{(7)} = \frac{{c_{3}\left( {{c_{1}m_{4}^{(\text{?})}} - {\text{?}m_{2}^{(2)}}} \right)} - {\text{?}\left( {{e_{\text{?}}m_{\text{?}}^{(\text{?})}} - {e_{\text{?}}m_{\text{?}}^{(3)}}} \right)}}{\left( {c_{\text{?}}^{2} - c_{4}^{2}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$ m₁⁽⁸⁾ = (c₃m₁⁽⁴⁾ + c₄m₃⁽⁴⁾)h₁ + (c₃m₂⁽⁴⁾ + c₄m₄⁽⁴⁾)h₃, ${m_{2}^{(8)} = {{\left( {{c_{3}m_{3}^{\overset{.}{(4)}}} + {c_{4}m_{3}^{(4)}}} \right)h_{2}} + {\left( {{c_{3}m_{2}^{(4)}} + {c_{4}m_{4}^{(4)}}} \right)h_{4}}}},$ m₃⁽⁸⁾ = (c₄m₁⁽⁴⁾ + c₃m₃⁽⁴⁾)h₁ + (c₄m₂⁽⁴⁾ + c₃m₄⁽⁴⁾)h₃, ?indicates text missing or illegible when filed

and

As a third pass transaction, at step 310, the process includes Alice receiving from Bob the matrices M₅, M₆, M₇ and M₈ as follows:

M ₅ =DY ₁ A ₁ C ₁ ⁻,

M ₆ =C ₁ B ₁ Y ₁ ⁻ Z ₁ E,

M ₇ =E ⁻¹ Y ₂ A ₂ C ₂ ⁻¹, and

M ₈ =CBY ⁻¹ XH.

Note that centrosymmetric matrices satisfy the following conditions:

AC ⁻¹ =C ⁻¹ Aand

CB=BC,

meaning that the matrices M₅, M₆, M₇, and M₈ can be transformed into:

M ₅ =DY ₁ A ₁ C ₁ ⁻¹ =DY ₁ C ₁ ⁻¹ A ₁,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E=B ₁ C ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ =E ⁻¹ Y ₂ A ₂ C ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹ A ₂, and

M ₈ =C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H=B ₂ C ₂ Y ₂ ⁻¹ Z ₂ H.

Thus, at step 312, the process includes multiplying the matrices M₅, M₆, M₇ and M₈ with the known inverse matrices A₁ ⁻¹, A₂ ⁻¹, B₁ ⁻¹ and B₂ ⁻¹, respectively, as follows:

M ₅ A ₁ ⁻¹ =DY ₁ C ₁ ⁻¹ A ₁ A ₁ ⁻¹ =DY ₁ C ₁ ⁻¹,

B ₁ ⁻¹ M ₆ =B ₁ ⁻¹ B ₁ C ₁ Y ₁ ⁻¹ Z ₁ E=C ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ A ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹ A ₂ A ₂ ⁻¹=⁻¹ Y ₂ C ₂ ⁻¹, and

B ₂ ⁻¹ M ₈ =B ₂ ⁻¹ B ₂ C ₂ Y ₂ ⁻¹ H=C ₂ Y ₂ ⁻¹ Z ₂ H.

Further, at step 314, the process includes multiplying the results of those together to arrive at the matrix M₅, as follows:

$\begin{matrix} {{M_{9} = {M_{5}A_{t}^{- 1}B_{t}^{- 1}M_{6}M_{7}A_{2}^{- I}B_{2}^{- I}{Ms}}},} & (11) \end{matrix}$ M₉ = DY₁C₁⁻¹C₁Y₁⁻¹Z₁EE⁻¹Y₂C₂⁻¹C₂Y₂⁻¹Z₂H = DZ₁Z₂H, suchthat M₉ = DXH, and $M_{9} = {{❘\begin{matrix} m_{1}^{(9)} & m_{2}^{(9)} \\ m_{3}^{(9)} & m_{4}^{(9)} \end{matrix}❘}.}$

At step 316, the process includes Alice sending the following three publicly visible values to Bob (m₁ ⁽⁹⁾, m₂ ⁽⁹⁾, m₃ ⁽⁹⁾, as follows:

m ₁ ⁽⁹⁾=(d ₁ x ₁ +d ₂ x ₃)h ₁+(d ₁ x ₂ +d ₂ x ₄h₃,

m ₂ ⁽⁹⁾=(d ₁ x ₁ +d ₂ x ₃)h ₂+(d ₁ x ₂ +d ₂ x ₄)h ₄,

m ₃ ⁽⁹⁾=(d ₃ x ₁ +d ₄ x ₃)h ₁+(d ₂ x ₂ +d ₄ x ₄)h ₃, and

m ₄ ⁽⁹⁾ =m ₃ ⁽⁹⁾ m ₂ ⁽⁹⁾ /m ₁ ⁽⁹⁾.

Thus, as part of the final key restoration at step 316, Bob receives the matrix M9 from Alice, as follows:

M ₉ =DXH.

At step 318, the process includes Bob restoring the key X from Alice by using inverse matrices D⁻¹ and H⁻¹, which are known to Bob, and the matrix M₅, as follows:

D ⁻¹ M ₉ H ⁻¹ =D ⁻¹DXHH⁻¹ =X.

As shown in Table 6 below, the entire scheme of the key exchange process can be performed using an exchange of matrices with a corresponding number of different unknown independent variables (underlined in Table 6) and visible (by the third party) values (bolded in Table 6). This scheme demonstrates that the number of unknown independent variables always exceeds the number of visible independent values in any combination of subsets of matrices.

This means that the system of nonlinear equations is an indeterminate system. There are no algorithms for the third party to obtain unknown independent variables including the secret key X using the visible independent values.

TABLE 6 Independers Variables Variables Values 1 Alice Y₁A₁ A₁[2], Y₁[4] 22 M₁[4] 4 14 B₁Y₁ ⁻¹Z₁ B₁[2], Z₁[3] M₂[4] 3 Y₂A₂ A₂[2], Y₂[4] M₃[4] 4 B₂Y₂ ⁻¹Z₂ B₂[2], Z₂[3] M₄[4] 3 2 Bob DY₁A₁Ct⁻¹ D [4], C_(t)[2] 16 M₅[4] 4 14 C₁B₁Y₁ ⁻¹Z₁E E [4] M₆[4] 3 E⁻¹Y₂A₂C₂ ⁻¹ M₇[4] 4 C₂B₂Y₂ ⁻¹ Z²H C₂[2], H [4] M₈[4] 3 3 Alice DXH M₉[4] 3 3 Total 38 31

The direct restoration of the matrix X (using formula transformations of Eqs. 3-11 is also impossible. Note that the matrix X is singular. It leads to several features, which are used to perform the key exchange algorithm resistant against the third party decryption (see APPENDIX):

The matrices M₂, M₄, M₆, M₈, and M₉

M ₂ =B ₁ Y ₁ ⁻¹ Z ₁,

M ₄ =B ₂ Y ₂ ⁻¹ Z ₂,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E,

M ₈ =C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H, and

are also singular (due to the matrices Z₁ and Z₂ being singular).

Thus, the equation M₅L₁M₆M₇L₂M₈=M₉ (from the Eqs. 7-10) can not be resolved in regards to centrosymmetric matrices L₁=A₁ ^(−1B) ₁ ⁻¹ and L₂=A₂ ^(−1B) ₂ ⁻¹ by the third party as far as the matrix M₉ is singular so, the direct calculation X=M₁L₁M₂M₃L₂M₄ is not possible.

The concepts described herein can be used for other cryptographic operations, such as key exchanging using authentication. FIG. 6 illustrates an example secret material or key exchanging process using authentication according to the concepts described herein.

As shown in FIG. 6 , Alice wants to pass the secret key K to Bob. They use Ed as an independent party for authentication. In the transaction, the square singular matrix

$X = {❘\begin{matrix} x_{1} & x_{2} \\ x_{3} & x_{4} \end{matrix}❘}$

is used to represent the key K={k₁, k₂, k₃}, where x₄=x₂x₃/x₁.

It is assumed that Alice and Bob both have passed the authentication procedure and both have got corresponding session numbers N₁ ^(A), N₂ ^(A) and N₁ ^(B), N₂ ^(B) from Ed according to the concepts described above.

Alice and Bob form centrosymmetric matrices N^(A) and N^(B) correspondently, as follows:

$N_{A} = {{{❘\begin{matrix} N_{1}^{A} & N_{2}^{A} \\ N_{2}^{A} & N_{1}^{A} \end{matrix}❘}{and}N_{AB}} = {{❘\begin{matrix} N_{1}^{B} & N_{2}^{B} \\ N_{2}^{B} & N_{1}^{B} \end{matrix}❘}\overset{.}{\_}}}$

As part of a first pass transaction, at step 402, the process 40 includes Alice generating uniformly distributed random matrices Y₁, Y₂ and inverse matrices Y₁ ⁻¹, Y₂ ⁻¹, as follows:

${Y_{1} = {❘\begin{matrix} y_{1} & y_{2} \\ y_{3} & y_{4} \end{matrix}❘}},$ $\begin{matrix} {{Y_{1}^{- 1} = \frac{❘\begin{matrix} y_{4} & {- y_{2}} \\ {- y_{3}} & y_{1} \end{matrix}❘}{{y_{1}y_{4}} - {y_{2}y_{3}}}},} & {{y_{l} \in R},} & {{{y_{1}y_{4}} \neq {y_{2}y_{3}}},} \end{matrix}$ ${Y_{2} = {❘\begin{matrix} y_{5} & y_{6} \\ y_{7} & y_{8} \end{matrix}❘}},{and}$ $\begin{matrix} {{Y_{2}^{- 1} = \frac{❘\begin{matrix} y_{8} & {- y_{6}} \\ {- y_{7}} & y_{5} \end{matrix}❘}{{y_{5}y_{8}} - {y_{6}y_{7}}}},} & {{y_{i} \in R},} & {{y_{5}y_{8}} \neq {y_{6}{y_{7}.}}} \end{matrix}$

Alice also generates uniformly distributed random centrosymmetric matrices A and B, as follows:

${A_{1} = {❘\begin{matrix} a_{1} & a_{2} \\ a_{2} & a_{1} \end{matrix}❘}},$ ${A_{2} = {❘\begin{matrix} a_{3} & a_{4} \\ a_{4} & a_{3} \end{matrix}❘}},$ ${A_{1}^{- 1} = \frac{❘\begin{matrix} a_{1} & {- a_{2}} \\ {- a_{2}} & a_{1} \end{matrix}❘}{a_{1}^{2} - a_{2}^{2}}},$ $\begin{matrix} {{A_{2}^{- 1} = \frac{❘\begin{matrix} a_{3} & a_{4} \\ a_{4} & a_{3} \end{matrix}❘}{a_{3}^{2} - a_{4}^{2}}},} & {{a_{i} \in R},} & {{a_{1}^{2} \neq a_{2}^{2}},} & {{a_{3}^{2} \neq a_{4}^{2}},} \end{matrix}$ ${B_{1} = {❘\begin{matrix} b_{1} & b_{2} \\ b_{2} & b_{1} \end{matrix}❘}},$ ${B_{2} = {❘\begin{matrix} b_{3} & b_{4} \\ b_{4} & b_{3} \end{matrix}❘}},$ $\begin{matrix} {{B_{2}^{- 1} = {❘\begin{matrix} b_{3} & {- b_{4}} \\ {- b_{4}} & b_{3} \end{matrix}❘}},} & {{b_{i} \in R},} & {{b_{1}^{2} \neq b_{2}^{2}},} & {b_{3}^{2} \neq {b_{4}^{2}.}} \end{matrix}$

Note that any centrosymmetric square matrices A and B always have the following feature: AB=BA. At step 404, the process includes Alice sending to Bob results as matrices M₁ and M₂, as follows:

${M_{1} = {❘\begin{matrix} m_{1}^{(1)} & m_{2}^{(1)} \\ m_{3}^{(1)} & m_{4}^{(1)} \end{matrix}❘}},$ ${M_{2} = {❘\begin{matrix} m_{1}^{(2)} & m_{2}^{(2)} \\ m_{3}^{(2)} & m_{4}^{(2)} \end{matrix}❘}},$ ${M_{3} = {❘\begin{matrix} m_{1}^{(3)} & m_{2}^{(3)} \\ m_{3}^{(3)} & m_{4}^{(3)} \end{matrix}❘}},{and}$ $M_{4} = {{❘\begin{matrix} m_{1}^{(4)} & m_{2}^{(4)} \\ m_{3}^{(4)} & m_{4}^{(4)} \end{matrix}❘}.}$

of the following calculations:

M ₁ =Y ₁ A ₁,  (1_(B))

M ₂ =B ₁ Y ₁ ⁻¹ Z ₁,  (2_(B))

M ₃ =Y ₂ A ₂, and  (3_(B))

M ₄ =B ₂ Y ₂ ⁻¹ Z ₂.  (4_(B))

As part of a second pass transaction, at step 406, Bob receives M₁ and M₂ from Alice. Bob generates uniformly distributed random centrosymmetric matrices C₁, C₂ and inverse C₁ ⁻¹, C₂ ⁻¹ matrices, as follows:

${C_{1} = {❘\begin{matrix} c_{1} & c_{2} \\ c_{2} & c_{1} \end{matrix}❘}},$ ${C_{2} = {❘\begin{matrix} c_{3} & c_{4} \\ c_{4} & c_{3} \end{matrix}❘}},$ $\begin{matrix} {{C_{1}^{- 1} = \frac{❘\begin{matrix} c_{1} & {- c_{2}} \\ {- c_{2}} & c_{1} \end{matrix}❘}{c_{1}^{2} - c_{2}^{2}}},} & {\begin{matrix} {{c_{i} \in R},} & {{c_{1}^{2} \neq c_{2}^{2}},} \end{matrix}{and}} \end{matrix}$ $\begin{matrix} {{C_{2}^{- 1} = \frac{❘\begin{matrix} c_{3} & {- c_{4}} \\ {- c_{4}} & c_{3} \end{matrix}❘}{c_{3}^{2} - c_{4}^{2}}},} & {{c_{i} \in R},} & {c_{3}^{2} \neq {c_{4}^{2}.}} \end{matrix}$

and uniformly distributed random matrices D and H, as follows:

${D = {❘\begin{matrix} d_{1} & d_{2} \\ d_{3} & d_{4} \end{matrix}❘}},{and}$ $\begin{matrix} {{H = {❘\begin{matrix} h_{1} & h_{2} \\ h_{3} & h_{4} \end{matrix}❘}},} & {d_{i},{h_{i} \in R},} & {{{d_{1}d_{4}} \neq {d_{2}d_{3}}},} & {{{h_{1}h_{4}} \neq {h_{2}h_{3}}},} \end{matrix}$

and correspondent inverse matrices D⁻¹ and H⁻¹ as follows:

${D^{- 1} = \frac{❘\begin{matrix} d_{1} & d_{2} \\ d_{3} & d_{4} \end{matrix}❘}{{d_{1}d_{4}} - {d_{2}d_{3}}}},{and}$ $H^{- 1} = {\frac{❘\begin{matrix} h_{1} & h_{2} \\ h_{3} & h_{4} \end{matrix}❘}{{h_{1}h_{4}} - {h_{2}h_{3}}}.}$

At step 406, Bob also obtains the matrices M₅, M₆, M₇ and M₈, defined as follows:

${M_{5} = {❘\begin{matrix} m_{1}^{(5)} & m_{2}^{(5)} \\ m_{3}^{(5)} & m_{4}^{(5)} \end{matrix}❘}},$ ${M_{6} = {❘\begin{matrix} m_{1}^{(6)} & m_{2}^{(6)} \\ m_{3}^{(6)} & m_{4}^{(6)} \end{matrix}❘}},$ ${M_{7} = {❘\begin{matrix} m_{1}^{(7)} & m_{2}^{(7)} \\ m_{3}^{(7)} & m_{4}^{(7)} \end{matrix}❘}},{and}$ $M_{8} = {❘\begin{matrix} m_{1}^{(8)} & m_{2}^{(8)} \\ m_{3}^{(8)} & m_{4}^{(8)} \end{matrix}❘}$

as a result of the following calculations:

M ₅ =DM ₁ C ₁ ⁻¹ =D ₁ Y ₁ A ₁ C ₁ ⁻¹,  (5_(B))

M ₆ =C ₁ M ₂ E=C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E,  (6_(B))

M ₇ =E ⁻¹ M ₃ C ₂ ⁻¹ =E ⁻¹ YA ₂ C ₂ ⁻¹, and  (7_(B))

M ₈ =C ₂ M ₄ H=C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H.  (8_(B))

As part of a third pass transaction, at step 408, the process includes Alice generating a uniformly distributed random matrix G, as follows:

$\begin{matrix} {{G = {❘\begin{matrix} g_{1} & g_{2} \\ g_{3} & g_{4} \end{matrix}❘}},} & {g_{i} \in {R.}} \end{matrix}$

Alice receives from Bob the matrices M₅, M₆, M₇ and M₈, as follows:

M ₅ =DY ₁ A ₁ C ₁ ⁻¹ =DY ₁ C ₁ ⁻¹ A ₁,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E=B ₁ C ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ =E ⁻¹ Y ₂ A ₂ C ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹ A ₂, and

M ₈ =C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H=B ₂ C ₂ Y ₂ ⁻¹ Z ₂ H.

At step 408, the process also includes Alice multiplying both the matrices M₅, M₆, M₇ and M₈ with the inverse matrices which are known to her, A₁ ⁻¹, A₂ ⁻¹, B₁ ⁻¹ and B₂ ⁻¹, respectively, as follows:

B₁⁻¹M₆ = B₁⁻¹B₁C₁Y₁⁻¹Z₁E = C₁Y₁⁻¹Z₁E, B₁⁻¹M₆ = B₁⁻¹B₁C₁Y₁⁻¹Z₁E = C₁Y₁⁻¹Z₁E, M₇A₂⁻¹ = E⁻¹Y₂C₂⁻¹A₂A₂⁻¹ = E⁻¹Y₂C₂⁻¹, and B₂⁻¹M₈ = B₂⁻¹B₂C₂Y₂⁻¹Z₂H = C₂Y₂⁻¹Z₂H, M₅ = GM₅A₁⁻¹B₁⁻¹M₆M₇A₂⁻¹B₂⁻¹M₈ = GDY₁C₁⁻¹C₁Y₁⁻¹Z₁EE⁻¹Y₂C₂⁻¹C₂Y₂⁻¹Z₂H, such M₉ = GDXH(9B), where $M_{9} = {{❘\begin{matrix} m_{1}^{(9)} & m_{2}^{(9)} \\ m_{3}^{(9)} & m_{4}^{(9)} \end{matrix}❘}.}$

At step 410, the process includes Alice sending three publicly visible values to Bob, including (m₁ ⁽⁹⁾, m₂ ⁽⁹⁾, m₃ ⁽⁹⁾). The matrix M₉ is singular and m₄ ⁽⁹⁾=m₃ ⁽⁹⁾m₂ ⁽⁹⁾/m₁ ⁽⁹⁾. At step 412, Alice also sends four publicly visible values to Ed (m₁ ⁽⁶⁾, m₂ ⁽⁶⁾, m₃ ⁽⁶⁾, m₄ ⁽⁶⁾ of the matrix M₁₀, defined as:

${M_{10} = {❘\begin{matrix} m_{1}^{(10)} & m_{2}^{(10)} \\ m_{3}^{(10)} & m_{4}^{(10)} \end{matrix}❘}},$

as a result of the following calculations:

M ₁₀-N ^(A) G.  (9_(B))

For authentication, Ed receives the matrix M₆ from Alice. At step 414, Ed sends to Bob the matrix M₁₁ using the inverse matrix (N^(A))⁻¹ and the matrix N^(B) as follows:

M ₁₁ =N ^(B)(N ^(A))⁻¹ N ^(A) G=N ^(B) G,

M ₁₁ =N ^(B) G.  (10_(B)).

As part of the final key restoration, at step 416, the process includes Bob receiving the matrix M₁₁ from Ed and obtaining the matrix G using the inverse matrix (N^(B))⁻¹, as follows:

G=(N ^(B))⁻¹ M ₁₁=(N ^(B))⁻¹ N ^(B) G.

Bob also receives the matrix M₉ from Alice at step 410. Using inverse matrices G⁻¹, D⁻¹, and H⁻¹, which are known to Bob, he can restore the key X from the received matrix M₅ as follows:

D ⁻¹ G ⁻¹ M ₉ H ⁻¹ =D ⁻¹ G ⁻¹GDXHH⁻¹ =X.

The embodiments described herein can be implemented by either a method or process or as a system or device. The method can be performed using any suitable computing device, and the system can be embodied as any suitable computing device. The computing device can include at least one processing system, for example, having one or more processors and memories electrically and communicatively coupled together using a local interface. The local interface can be embodied as a data bus with an accompanying address/control bus or other addressing, control, and/or command lines.

In various embodiments, the memory can store data and software or executable code components executable by the processor. For example, the memory can store executable-code components associated with cryptographic operations for execution by the processor. The software or executable-code components can be developed using or embodied in various programming languages, such as, for example, C, C++, C #, Objective C, JAVA®, JAVASCRIPT®, Perl, PHP, VISUAL BASIC®, PYTHON®, RUBY, FLASH®, or other programming languages.

The embodiments can rely, in part, on executable instructions or instructions for execution by the computing device. The terms “executable” or “for execution” refer to software forms that can ultimately be run or executed by a processor, whether in source, object, machine, or other form. Examples of executable programs include, for example, a compiled program that can be translated into a machine code format and loaded into a random access portion of memory and executed by a processor, source code that can be expressed in an object code format and loaded into a random access portion of the memory and executed by the processor, or source code that can be interpreted by another executable program to generate instructions in a random access portion of the memory and executed by the processor, etc.

An executable program can be stored in any portion or component of the memory including, for example, a random access memory (RAM), read-only memory (ROM), magnetic or other hard disk drive, solid-state, semiconductor, or similar drive, universal serial bus (USB) flash drive, memory card, optical disc (e.g., compact disc (CD)) or digital versatile disc (DVD)), floppy disk, magnetic tape, or other memory component.

Although the process diagram shown in FIGS. 2 and 5 illustrate a certain order, it is understood that the order can differ from that which is depicted. For example, an order of execution of two or more blocks can be scrambled relative to the order shown. Also, two or more blocks shown in succession can be executed concurrently or with partial concurrence. Further, in some embodiments, one or more of the blocks can be skipped or omitted. In addition, any number of counters, state variables, warning semaphores, or messages might be added to the logical flow described herein, for purposes of enhanced utility, accounting, performance measurement, or providing troubleshooting aids, etc. It is understood that all such variations are within the scope of the present disclosure.

Also, any algorithm, method, process, or logic described herein that are embodied, at least in part, by software or executable-code components, can be embodied or stored in any tangible or non-transitory computer-readable medium or device for execution by an instruction execution system such as a general purpose processor. In this sense, the logic can be embodied as, for example, software or executable-code components that can be fetched from the computer-readable medium and executed by the instruction execution system. Thus, the instruction execution system can be directed by execution of the instructions to perform certain processes such as those illustrated in FIG. 2 . In the context of the present disclosure, a “computer-readable medium” can be any tangible medium that can contain, store, or maintain any logic, application, software, or executable-code component described herein for use by or in connection with an instruction execution system.

The computer-readable medium can include any physical media such as, for example, magnetic, optical, or semiconductor media. More specific examples of suitable computer-readable media include, but are not limited to, magnetic tapes, magnetic floppy diskettes, magnetic hard drives, memory cards, solid-state drives, USB flash drives, or optical discs. Also, the computer-readable medium can include a RAM including, for example, an SRAM, DRAM, or MRAM. In addition, the computer-readable medium can include a ROM, a PROM, an EPROM, an EEPROM, or other similar memory device.

Disjunctive language, such as the phrase “at least one of X, Y, or Z,” unless specifically stated otherwise, is to be understood with the context as used in general to present that an item, term, etc., can be either X, Y, or Z, or any combination thereof (e.g., X, Y, and/or Z). Thus, such disjunctive language is not generally intended to, and should not, imply that certain embodiments require at least one of X, at least one of Y, or at least one of Z to be each present.

It should be emphasized that the above-described embodiments of the present disclosure are merely possible examples of implementations set forth for a clear understanding of the principles of the disclosure. Many variations and modifications can be made to the above-described embodiment(s) without departing substantially from the spirit and principles of the disclosure. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims. 

1. (canceled)
 2. A method of cryptography, comprising: generating, with a computing device, a random lock; and applying, with the computing device, a cryptographic function to a combination of secret data and the random lock to produce an encrypted result.
 3. The method according to claim 2, wherein the cryptographic function comprises at least one of a polynomial function or a multivariate polynomial function defined in part by one or more variables and coefficients.
 4. The method according to claim 2, further comprising applying, with the computing device, an inverse cryptographic function to the encrypted result to arrive at the secret data.
 5. The method according to claim 4, wherein the inverse cryptographic function comprises at least one of an inverse polynomial function or an inverse multivariate polynomial function. 6-12. (canceled)
 13. A device for implementing cryptography, comprising: a memory configured for storing an application, the application configured for: generating a random lock; and applying a cryptographic function to a combination of secret data and the first random lock to produce an encrypted result; and a processor configured for processing the application.
 14. The device according to claim 13, wherein the cryptographic function comprises at least one of a polynomial function or a multivariate polynomial function defined in part by one or more variables and coefficients.
 15. The device according to claim 13, wherein the application is further configured for applying an inverse cryptographic function to the encrypted result to arrive at the secret data.
 16. The device according to claim 15, wherein the inverse cryptographic function comprises at least one of an inverse polynomial function or an inverse multivariate polynomial function. 17-20. (canceled)
 21. A device for implementing cryptography, comprising: a processor; and a memory for storing an application to be executed by the processor, the application for: generating a random lock; and applying a cryptographic function to a combination of secret data and the random lock to produce an encrypted result; and applying an inverse cryptographic function to the encrypted result to arrive at the secret data.
 22. The device according to claim 21, wherein the cryptographic function comprises at least one of a polynomial function or a multivariate polynomial function defined in part by one or more variables and coefficients.
 23. The device according to claim 21, wherein the inverse cryptographic function comprises at least one of an inverse polynomial function or an inverse multivariate polynomial function. 